Closed luto closed 5 years ago
I'm all in favor of removing the .secret
file during build – @maxrink, what do you think?
Have you tested if this actually happens? As I see it, yes, ./pretalx/src/data/.secret
is baked into the image (and we should still fix that), but never gets read in production, because in production, DATA_DIR
is set to /data
by default, where one usually mounts a volume. This way, in production, a new .secret
will be created in that volume and used.
I agree on @raphaelm s point. It should never get used in a production setup.
However, adding an line like
RUN rm -f /pretalx/src/data/.secret
to the Dockerfile would not hurt anything.
Thank you, all of you.
ooooh, well. :man_facepalming:
As far as I can tell, the secret key for the prebuilt image is generated exactly once during
pip install
(via the calls tocall_command
, which load the settings, which generate a key, if there is none. The README of this repo tells users to follow the configuration guide, which explicitly marks SECRET_KEY as optional.When using the prebuild image without a SECRET_KEY set in the config, pretalx will run with the SECRET_KEY baked into the image as
./pretalx/src/data/.secret
. This key is shared across all pretalxes run this way and public. Since it's not supposed to be public this is probably a bad idea :sweat_smile:I am not sure how to resolve this, though. As an immediate work-around maybe remove the
.secret
-file during build, after the last python3 command? This makes pretalx generate a new key on each container start. A long-term solution would be to enforce a SECRET_KEY in the config in docker setups.